How to Install and Use arp-scan on Linux
How to Install and Use arp-scan on Linux
arp-scan is a command-line tool used for network scanning, specifically for detecting and mapping devices on a local network using the Address Resolution Protocol (ARP). It’s useful for network administrators or security enthusiasts who want to discover hosts on a LAN. This guide covers how to install and use arp-scan on various Linux distributions.
Installation
On Ubuntu and Debian
Open the terminal.
Update the package list:
sudo apt update
Install arp-scan:
sudo apt install arp-scan
On Arch Linux
Open the terminal.
Install arp-scan using pacman:
sudo pacman -S arp-scan
On Fedora
Open the terminal.
Install arp-scan using dnf:
sudo dnf install arp-scan
On OpenSUSE
Open the terminal.
Install arp-scan using zypper:
sudo zypper install arp-scan
Basic Usage
Once arp-scan is installed, you can start scanning your local network to discover active devices. Here’s how to use it.
Scan the Local Network
To scan your local network, you’ll need to specify the network interface and the IP range you want to scan. In most cases, you can find your network interface using the ifconfig or ip a command.
To run a basic scan, use the following command:
sudo arp-scan –interface=eth0 192.168.1.0/24
Replace eth0 with your network interface and adjust the IP range (e.g., 192.168.1.0/24) according to your network configuration.
Scan All Local Interfaces
If you are unsure of which interface to use, you can scan all available network interfaces with:
sudo arp-scan –localnet
This command will automatically detect the interface and scan the entire local network.
Display Manufacturer Information
To get more detailed information, such as the manufacturer of the detected devices, use the –print-macs option:
sudo arp-scan –interface=eth0 –print-macs 192.168.1.0/24
Exporting Results
You can save the output of your scan to a file for future reference. To export the scan results, simply redirect the output to a file:
sudo arp-scan –interface=eth0 192.168.1.0/24 > scan_results.txt
Common Options
–retry=N: Set the number of retries for hosts that don’t respond. For example, to retry 2 times:
sudo arp-scan –retry=2 –interface=eth0 192.168.1.0/24
–quiet: Suppress output and only show hosts that responded to the scan:
sudo arp-scan –quiet –interface=eth0 192.168.1.0/24
–version: Check the installed version of arp-scan:
arp-scan –version
Use Cases
Network Discovery: Identify all devices connected to a network, such as computers, phones, printers, or IoT devices.
Security Auditing: Detect unauthorized or rogue devices connected to your network.
Troubleshooting: Verify the status of devices on your network to ensure they are properly configured.
Conclusion
arp-scan is a lightweight but powerful tool for network scanning and device discovery. It’s an essential utility for network administrators or anyone interested in monitoring their local network. With arp-scan, you can quickly and efficiently map out all devices on your network.
For more information, visit the official arp-scan documentation.